Your browser is not supported

For the best experience, use Google Chrome or Mozilla Firefox.

Fortify for GitHub

Supported Products

Fortify on Demand Scan

Integrate your Static Application Security Testing (SAST) into your GitHub workflow with Fortify on Demand. This GitHub Action sets up the Fortify on Demand (FoD) Uploader – also referred to as the FoD Universal CI Tool, allowing you to:

Github

Generate SARIF from Fortify on Demand

This GitHub Action invokes the Fortify on Demand (FoD) API to generate a SARIF log file of Static Application Security Testing (SAST) results. The SARIF output is optimized for subsequent import into GitHub to display vulnerabilities in the Security Code Scanning Alerts.

Fortify ScanCentral Scan

Integrate Static Application Security Testing (SAST) into your GitHub workflows with Fortify. This GitHub Action sets up the Fortify ScanCentral Client, allowing you to:

  • Downloads, extracts and caches the specified version of the Fortify ScanCentral Client zip file
  • Adds the Fortify ScanCentral Client bin-directory to the path

These are the most common use cases for this GitHub Action:

Generate SARIF from Fortify Software Security Center (SSC)

This GitHub Action invokes the Fortify Software Security Center (SSC) API to generate a SARIF log file of Static Application Security Testing (SAST) results. The SARIF output is optimized for subsequent import into GitHub to display vulnerabilities in the Security Code Scanning Alerts.

The primary use case for this action is after completion of a Fortify SCA or ScanCentral SAST scan.

Fortify-related projects developed by Fortify Professional Services

Includes the following:

  • FortifyBugTrackerUtility – Automated submission of FoD and SSC vulnerabilities to external systems
  • FortifySyncFoDToSSC – Utility to synchronize FoD releases and scan results to SSC
  • fortify-integration-maven-webinspect – WebInspect Maven Plugin
  • fortify-ssc-parser-owasp-dependency-check – Fortify SSC Parser Plugin for OWASP Dependency Check results
  • fortify-ssc-parser-tenable-io-cs – Fortify SSC Parser Plugin for Tenable.io Container Security results
  • fortify-ssc-parser-burp – Fortify SSC Parser Plugin for BURP Suite
  • Install

About GitHub

GitHub is a development platform used by developers to host and review code, manage projects, and build software.

github
release-rel-2023-1-2-hotfix-8487 | Mon Jan 30 16:25:17 PST 2023
8487
release/rel-2023-1-2-hotfix-8487
Mon Jan 30 16:25:17 PST 2023
AWS